This British teenager is apparently the mastermind behind Lapsus$

By Sead Fadilpašić
last updated

Lapsus$ hacking group allegedly consists of seven people

A blue color image of a person trying to log into a protected laptop.
(Image credit: Shutterstock/JARIRIYAWAT)

We still don’t know for certain who the people behind the Lapsus$ hacking group are, but some cybersecurity researchers think they have a pretty good idea.

An investigation by Bloomberg claims that Lapsus$ counts just seven members, with the mastermind behind the whole operation allegedly being a teenage boy from the UK.

The alleged ringleader is either 16 or 17 years of age, and lives with his mother “about five miles outside of Oxford University”. Bloomberg’s investigators reprotedly talked to his mother over an intercom, but she did not allow direct communication with her son, and added that she knew nothing of any allegations made against him.

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window (opens in new tab) <<

Members in Brazil

Other than saying that four researchers were involved in the investigation, Bloomberg did not name any names - although The Verge found that online security expert Brian Krebs had managed to link back some Lapsus$ members to certain individuals. 

Another team member allegedly lives in Brazil. One of them is so skilled that researchers first thought it was a bot, and not an actual human, doing some of the work.

So far, the only thing the researchers can publicly state are the aliases these people were allegedly using, and these include “white”, “breachbase”, “Oklaqq” and “WhiteDoxbin”. These aliases probably belong to no more than two individuals.

The Lapsus$ cybercrime group quickly rose to fame. Late last year, it attacked the endpoints (opens in new tab) of Impresa, Portugal’s biggest media conglomerate, taking down multiple websites, TV channels, AWS infrastructure, and Twitter accounts. 

Later, it struck the websites of Brazil’s Ministry of Health (MoH), suspending Covid-19 vaccination efforts in the country. 

Read more

> Stolen Nvidia code signing certificates used to sign off malware (opens in new tab)

> Nvidia hackers hit Samsung and leak huge data dump (opens in new tab)

> Okta reportedly hit in serious breach - Lapsus$ strikes again? (opens in new tab)

Soon after that, came high-profile names from the tech industry: Nvidia, Samsung, Ubisoft, Okta, and possibly even Microsoft. 

The group leaked 190GB of Samsung’s internal data, containing the source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations; algorithms for all biometric unlock operations; bootloader source code for all recent Samsung devices; confidential source code from Qualcomm; source code for Samsung’s activation servers; full source code for technology used for authorizing and authenticating Samsung accounts, including APIs and services.

Law enforcement agencies have not yet made any statements regarding this investigation and no charges have been pressed just yet.

Via: Bloomberg (opens in new tab)

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

See more Computing news